Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/DOMXSS_backup.js
MD5: 7e28f0ea55a64fdfcb0dcbb5f8e4d443
SHA1: 3430a406fafd2216e6eae36a4f39ea46f6fab9e6
SHA256:0a892bdb4e39dc0632856ec746bc11f3f8efea0aaedf89ba1c13094ad7eb0e4b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/instructor/DOMXSS_i.js
MD5: 74b9ea3e3ad9f347255e4af01c792a49
SHA1: b246782456ded75fcf23d93ec2231117a33e83e6
SHA256:2841cd366d560809b386b915a7a4377892b91cfc5ab5c5f2b7ca555e1fb5538e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/abap.js
MD5: 784d4658b04d4ce5063f423c80e189a6
SHA1: 4190a5c8b5f693c0dc18e8370d83f46a86fbc557
SHA256:6bc4c8572bb872a8f3ce6f5eb43c2e7f98564eaf979d5d67cc72feea3a25a704
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/ace.js
MD5: 49efaef0ca9716c56f599bb8ddda4b3b
SHA1: c7101dbeb7ea8d39e14620a12aad923854a1a434
SHA256:d9f3a1c42e26cb8d7f89e5f95b1465ad020b49f82f94a1a7c6e5b74370b74cdc
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/actionscript.js
MD5: 7fd0bc3b7daac7e934cd5afa6e891c9b
SHA1: ab39816bee5000fbefc8315e64e458a103d264b1
SHA256:4af3ce0feb229fda725a0df9a7e466f064f709ec7feb4c7148ecb7be856eede9
Referenced In Project/Scope:WebGoat
Description:
JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
License:
Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /home/josh/.m2/repository/javax/activation/activation/1.1/activation-1.1.jar
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/ada.js
MD5: 55cff79cdbbf4c5219e98ed9abc5466f
SHA1: faabf5d58ee8c6f6c9b0ca9b074457769eb7eeb0
SHA256:5ebe6eabef5ac36c8436f8bf6c5f7d5851b095114b1a330c4d3e07389163c9c0
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/angular/angular-animate.min.js
MD5: 87f2d2eb3b6a843ce918aaa8e5a4470f
SHA1: 1b74754d1cb6d9eefb7cd360531ca5a828241f2a
SHA256:edf6b2338b6b161e2ecadf600f8095eb0eb2e97259bb4778e40a7ece2aeb3310
Referenced In Project/Scope:WebGoat
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
DOS in $sanitize (RETIREJS)
DOS in $sanitize
Unscored:
Prototype pollution (RETIREJS)
Prototype pollution
Unscored:
The attribute usemap can be used as a security exploit (RETIREJS)
The attribute usemap can be used as a security exploit
Unscored:
Universal CSP bypass via add-on in Firefox (RETIREJS)
Universal CSP bypass via add-on in Firefox
Unscored:
End-of-Life: Long term support for AngularJS has been discontinued (RETIREJS)
End-of-Life: Long term support for AngularJS has been discontinued
Unscored:
XSS in $sanitize in Safari/Firefox (RETIREJS)
XSS in $sanitize in Safari/Firefox
Unscored:
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/angular/angular.js
MD5: 93f98c3fe1eb6996d8e97200618e8363
SHA1: 7dcf1b25480258d399759429338cedc57239f2d1
SHA256:776f0615c1a084a93f849b71d4147e5350f1a51e70ee01288a14e68a0be43da0
Referenced In Project/Scope:WebGoat
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
DOS in $sanitize (RETIREJS)
DOS in $sanitize
Unscored:
Prototype pollution (RETIREJS)
Prototype pollution
Unscored:
The attribute usemap can be used as a security exploit (RETIREJS)
The attribute usemap can be used as a security exploit
Unscored:
Universal CSP bypass via add-on in Firefox (RETIREJS)
Universal CSP bypass via add-on in Firefox
Unscored:
End-of-Life: Long term support for AngularJS has been discontinued (RETIREJS)
End-of-Life: Long term support for AngularJS has been discontinued
Unscored:
XSS in $sanitize in Safari/Firefox (RETIREJS)
XSS in $sanitize in Safari/Firefox
Unscored:
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/angular/angular.min.js
MD5: 5ae69803cee77531dce8475a1bc4e78b
SHA1: f3e4b6dc37956d7f2ea8d76f1e614197da0489cc
SHA256:a6db4c103fe152632e3838855be2cae90d159091535aa5c9a01e53d48b8aa12d
Referenced In Project/Scope:WebGoat
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
DOS in $sanitize (RETIREJS)
DOS in $sanitize
Unscored:
Prototype pollution (RETIREJS)
Prototype pollution
Unscored:
The attribute usemap can be used as a security exploit (RETIREJS)
The attribute usemap can be used as a security exploit
Unscored:
Universal CSP bypass via add-on in Firefox (RETIREJS)
Universal CSP bypass via add-on in Firefox
Unscored:
End-of-Life: Long term support for AngularJS has been discontinued (RETIREJS)
End-of-Life: Long term support for AngularJS has been discontinued
Unscored:
XSS in $sanitize in Safari/Firefox (RETIREJS)
XSS in $sanitize in Safari/Firefox
Unscored:
Description:
AOP Alliance
License:
Public Domain
File Path: /home/josh/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/apache_conf.js
MD5: bd55154c863daf4d2e53145196e26f3f
SHA1: a7735c724601a24f0650132732ec3688a371903c
SHA256:494cb00d5a9f55af356562dbc86a9f4905b517c15e066847c12526922db9eb55
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/applescript.js
MD5: 9c2c4c556461fc5610c7951576e127d9
SHA1: e3ab8b4526f2d7c18d5fa0b028d884d868b4fe01
SHA256:18146d223489331127067229e4ccf2247a80bb172f496588183da804855c8e8e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/application.js
MD5: bbc43df4a70376d9448b8054f1fc5ee3
SHA1: 8bf5b2e369dc7247e67acfb12e7bb05ccaf43dc9
SHA256:d127f8cb890c76a71a31bae0533116df98a6e070cb8e8322fa84967ca180f036
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/asciidoc.js
MD5: b908e50bfc18f9aa35a8f7a9425e6c38
SHA1: 02a061529b3ae4be4d726c83ac8e619d87c5f0bd
SHA256:e9d12edfcc1037f6b1c964dc8610908a56bbec13f5aed095fcd847dcb155f8fe
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/assembly_x86.js
MD5: 8204209d916bba4cf76004c5a304362a
SHA1: 54ca59644aa84dfea7848c83ff44f1b7ab722de1
SHA256:b1549bcb317f163daa5da4e62407e50a4bcfbf29800f82f13353547439255ac6
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/autohotkey.js
MD5: 887e0caa5d012cd050381ab6f41010a2
SHA1: fa7f5e36447d3b1dc63bf3a61977daa6eba68566
SHA256:1de8a0197f73787e24d52e27cab493c288bd43bbea041d5d911ac838c09a4e6c
Referenced In Project/Scope:WebGoat
File Path: /home/josh/.m2/repository/axis/axis/1.2/axis-1.2.jar
MD5: 8be4d95595f893b44d7b0431ab3976eb
SHA1: 892c772f7c486b3c09d20f7259fb4219bfff9edf
SHA256:0dcb9346e17dafe62c52261641c6969c320b43086bec88039930ece90f16acf4
Referenced In Project/Scope:WebGoat:compile
CVE-2019-0227 (OSSINDEX)
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
CWE-918 Server-Side Request Forgery (SSRF)
Vulnerable Software & Versions (OSSINDEX):
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions:
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
NVD-CWE-Other
Vulnerable Software & Versions:
CVE-2007-2353 (OSSINDEX)
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
CWE-200 Information Exposure
Vulnerable Software & Versions (OSSINDEX):
File Path: /home/josh/.m2/repository/axis/axis-ant/1.2/axis-ant-1.2.jar
MD5: 03f709e12302cd50ee095a5412d481ed
SHA1: f07ed3d1d32434426a42043196d7cd7b7a783b1f
SHA256:db4b8abc94363aef55ec1e1b66106836b0a10ebfb534aed2997310d0439c7351
Referenced In Project/Scope:WebGoat:compile
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
CWE-668 Exposure of Resource to Wrong Sphere
Vulnerable Software & Versions:
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions:
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
NVD-CWE-Other
Vulnerable Software & Versions:
File Path: /home/josh/.m2/repository/axis/axis-jaxrpc/1.2/axis-jaxrpc-1.2.jar
MD5: 9e0ebb5885cc0a0da4423dc67c66bef7
SHA1: 56b85e05daa39a9bb4101c8c6e425d5f1db2d724
SHA256:96287de4c6a4d2e72e54e4256778f3afd22ea9a846e872e1c99c6a0b920398f2
Referenced In Project/Scope:WebGoat:compile
File Path: /home/josh/.m2/repository/axis/axis-saaj/1.2/axis-saaj-1.2.jar
MD5: 4d89989419d289b2cc7ae4b1e8b9149b
SHA1: e5681df2b55d3e6f4795e988b632e38985677f5a
SHA256:52dedcddcba9d1d48fca6d9a2f95dbb2164d2e8acd15a7af5b895743961ac47a
Referenced In Project/Scope:WebGoat:compile
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/batchfile.js
MD5: 3f141ddfe4e91e7cb5b902cfaacd2ad0
SHA1: 2d94f975af114a5be2f7629f1f599ce4633f06f4
SHA256:4a237039252e87cb6b1a37c980092fc75144964b794a6e2f596a13df04c0defd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/plugins/bootstrap-slider/js/bootstrap-slider.js
MD5: 5a061690c67238c5247c01873479570f
SHA1: 2076ec887334360a4681e92a4564479a052e55b4
SHA256:67f4ec76175fced942b678984b4cf2a45aedfaad11e38242c6b53f32aa4bf70e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/plugins/bootstrap/js/bootstrap.min.js
MD5: ba847811448ef90d98d272aeccef2a95
SHA1: 5814e91bb6276f4de8b7951c965f2f190a03978d
SHA256:898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
Referenced In Project/Scope:WebGoat
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js
MD5: 9a27f11067a142b38d60e760899914d0
SHA1: 55f4ade461892dafedfc5e07e2de029ecffaf82a
SHA256:fdcbf89bdffb23a81e3298551a58b6582544a52d69e4058f7a301cb99c93f4d2
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/c9search.js
MD5: 6c66896ca6a979466bfc391b8e10ab49
SHA1: 6c4afa6186709b5113686721c1298ba8bb7e7adf
SHA256:590681cfa60dd5ac25527e0fa815732634e6dca151520270d6cfcbb1bb5da5bb
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/c_cpp.js
MD5: 0483b000dfd0316eb66c4e6bdd156578
SHA1: 0996375929fdb01eaba38fb71e682b63d551688f
SHA256:b0cdc7d3bfdcb6496fe8c5d03745375408e0883b88fa01e59b44634e390a8ebf
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/cirru.js
MD5: dac50f02d016dd649dbac0d0b653cf36
SHA1: cd13acd1e77affb8c7bda748e4b11f5beed04a7e
SHA256:31776da115074e5d31e28aacf2fd5740f2db42e96174b835dfc3c2584e049abd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/lessonJS/clientSideFiltering.js
MD5: 139bb20bf1b3054f66a89316e4358ad6
SHA1: 19f970e2e6a30e9d155d2a05b5f830ff52d4fd24
SHA256:44af8581f7e0f8ba762c51c8a7b614d0551c456200136638e5f77fc0d949a2de
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/lessonJS/clientSideValidation.js
MD5: 3256ff678f8d3167024b98e8bd34b0d6
SHA1: 23c61317fa0f03f8c7d7b2babb9db2b22cc37503
SHA256:45086c0239e6969385e024c17816894d28d52e3e1da3bcd216b479d37b3e83e1
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/clojure.js
MD5: a56df82e7873b30655537dcca6227365
SHA1: 7b87595a2affac0eaab5f6f3be9397f8e764fc42
SHA256:17704721f5d86f909322cdc70eeacd0ec32e1fa02b31ca83d462cf916b4cc61e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/cobol.js
MD5: 49c6304e1ae27edf2b00ebf7b1b79406
SHA1: 4d350edb3a21c950745c91ff30126eafef4d79fa
SHA256:403f456d3f9656d580fab52633d27dec8d5dad1a6ce1b1d03d145fd859051991
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/coffee.js
MD5: 51b2dc791586399c50e08eb456a1395e
SHA1: 8f93a8566a9cd43ae04b06e858622392cf48f928
SHA256:abe27f6a258ef33bbe4ca7efc331616b9eecaed7656c24dc9359fa56d9a78d85
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/coldfusion.js
MD5: dc2b4d49b05a871caf3fa3fb7f475beb
SHA1: 5c6ba0d6b4551986bef88286753811558fb9b577
SHA256:8f4f054b01552c3cca1457b404c2b760207de4eb7295fc5e4943d2c92d0c28bb
Referenced In Project/Scope:WebGoat
Description:
Java Bean Utilities
File Path: /home/josh/.m2/repository/commons-beanutils/commons-beanutils/1.6/commons-beanutils-1.6.jar
MD5: 31a453fcfed4339bbd08e5dd85116b36
SHA1: ed3c2b07d1b16ec11440b6656fdbd4845ea6b8be
SHA256:77d8fe257bd9b186cce1261bea2364384ae861b1999815d549121710b0f89407
Referenced In Project/Scope:WebGoat:compile
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
Description:
Types that extend and augment the Java Collections Framework.
File Path: /home/josh/.m2/repository/commons-collections/commons-collections/3.1/commons-collections-3.1.jar
MD5: d1dcb0fbee884bb855bb327b8190af36
SHA1: 40fb048097caeacdb11dbb33b5755854d89efdeb
SHA256:c1547d185ba6880bcc2da261c5f7533512b6ffdbbc1898db5b793c0cb830fcf0
Referenced In Project/Scope:WebGoat:compile
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
Description:
The Digester package lets you configure an XML->Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.
File Path: /home/josh/.m2/repository/commons-digester/commons-digester/1.4.1/commons-digester-1.4.1.jar
MD5: 1f2a01f28ec53df6401f7dbcc6fcd884
SHA1: 51031e9c43ae47693c99b2f4ffe34ed01ef2ba91
SHA256:3b35d6b867cf9c8d5dd8093c0a4e570261235d6cd9db99f2d75e53ac60fa3dcd
Referenced In Project/Scope:WebGoat:compile
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
Description:
Commons Discovery
File Path: /home/josh/.m2/repository/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar
MD5: 9a2fb56e6a79169b2fb6c8a0dc79abb0
SHA1: 7773ac7a7248f08ed2b8d297c6e2ef28260640ea
SHA256:ae9995ec412cec2a3489a0787857791b9cc784f153b4c9d0ae93e38c5f2174fa
Referenced In Project/Scope:WebGoat:compile
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
Description:
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
CWE-284 Improper Access Control
Vulnerable Software & Versions:
CVE-2013-2186 (OSSINDEX)
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
CWE-20 Improper Input Validation
Vulnerable Software & Versions (OSSINDEX):
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
CWE-770 Allocation of Resources Without Limits or Throttling
Vulnerable Software & Versions:
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
Description:
Commons-IO contains utility classes, stream implementations, file filters, and endian classes.
File Path: /home/josh/.m2/repository/commons-io/commons-io/1.3.2/commons-io-1.3.2.jar
MD5: 903c04d1fb5d4dc81d95e4be93ff7ecd
SHA1: b6dde38349ba9bb5e6ea6320531eae969985dae5
SHA256:551c13e49dab32aebdb7a70ec9c2767372e58864ae115ef389582e548cffee38
Referenced In Project/Scope:WebGoat:compile
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
CVE-2021-29425 (OSSINDEX)
commons-io - Path Traversal [CVE-2021-29425] The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions (OSSINDEX):
Description:
Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
Description:
Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
File Path: /home/josh/.m2/repository/ecs/ecs/1.4.2/ecs-1.4.2.jar
MD5: 62d53be190ca9cbfe01bec9fc3396934
SHA1: f9bc5fdde56d60876c1785087ce2a301b4e4a676
SHA256:b7140e42af61601390a44bd80da35fd847e2363bfeaeccdd568ef9f2cd40f91c
Referenced In Project/Scope:WebGoat:compile
License:
http://www.h2database.com/html/license.html
File Path: /home/josh/.m2/repository/com/h2database/h2/1.4.187/h2-1.4.187.jar
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vulnerable Software & Versions:
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."
CWE-312 Cleartext Storage of Sensitive Information
Vulnerable Software & Versions:
CVE-2018-14335 (OSSINDEX)
h2database - Improper Link Resolution Before File Access. The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
Vulnerable Software & Versions (OSSINDEX):
Description:
Lightweight 100% Java SQL Database Engine
License:
HSQLDB License: http://hsqldb.org/web/hsqlLicense.html
File Path: /home/josh/.m2/repository/hsqldb/hsqldb/1.8.0.7/hsqldb-1.8.0.7.jar
CVE-2007-4575 (OSSINDEX)
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vulnerable Software & Versions (OSSINDEX):
Description:
The Java2HTML Tool
File Path: /home/josh/.m2/repository/java2html/j2h/1.3.1/j2h-1.3.1.jar
MD5: 00542e91fb1de915744d45967e5d6a28
SHA1: 18d393ad345b03b49c624069e2c7fde336372c3a
SHA256:1691231bbdf3d6671bdb0b236619e033e10664be423b2312f93c35dce742f9ad
Referenced In Project/Scope:WebGoat:compile
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/jack.js
MD5: aa880c9ba0b2438105a891c46840264b
SHA1: a08d498c4932aafd62dc98c854314ab3a8360d86
SHA256:6a8ad55c6b528ec6fff48821c6e99ed00a3754b8ac52dc3aadcb4775a7705a3e
Referenced In Project/Scope:WebGoat
Description:
Core Jackson abstractions, basic JSON streaming API implementation
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.0.4/jackson-core-2.0.4.jar
FasterXML Jackson before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
Description:
General data-binding functionality for Jackson: works on core streaming API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
Lesser Gnu Public License (LGPL), Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /home/josh/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.0.4/jackson-databind-2.0.4.jar
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete Blacklist
Vulnerable Software & Versions:
CVE-2017-7525 (OSSINDEX)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
CWE-184 Incomplete Blacklist
Vulnerable Software & Versions (OSSINDEX):
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CWE-787 Out-of-bounds Write
Vulnerable Software & Versions:
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
FasterXML Jackson before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
File Path: /home/josh/.m2/repository/javax/javaee-api/6.0/javaee-api-6.0.jar/META-INF/maven/javax.javaee.api/javaee.api-compact/pom.xml
MD5: b784c7597df2245415c25908bda7b347
SHA1: 593282a46163de5e00d9cf135acaf0c93df5bfd5
SHA256:f28fc6bc9f08910c0eda9fe89554d7b9b15ae4517a7cac09f48e3979098e0630
Referenced In Project/Scope:WebGoat:provided
Description:
Java(TM) EE 6 Specification APIs
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/josh/.m2/repository/javax/javaee-api/6.0/javaee-api-6.0.jar
Description:
Project GlassFish Java Transaction API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/josh/.m2/repository/javax/transaction/javax.transaction-api/1.2/javax.transaction-api-1.2.jar
Description:
JCL 1.1.1 implemented over SLF4J
File Path: /home/josh/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.7/jcl-over-slf4j-1.7.7.jar
MD5: 32ad130f946ef0460af416397b7fc7b7
SHA1: 56003dcd0a31deea6391b9e2ef2f2dc90b205a92
SHA256:c6472b5950e1c23202e567c6334e4832d1db46fad604b7a0d7af71d4a014bce2
Referenced In Project/Scope:WebGoat:compile
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/jquery/jquery-1.10.2.min.js
MD5: 628072e7212db1e8cdacb22b21752cda
SHA1: 0511abe9863c2ea7084efa7e24d1d86c5b3974f1
SHA256:0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
Referenced In Project/Scope:WebGoat
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321
Vulnerable Software & Versions (NVD):
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/jquery/jquery-ui-1.10.4.custom.min.js
MD5: dee14bd079013b7f8b7d9a67a4f45676
SHA1: 8136518429f61e6a9cb44a1bcf93162169c1728c
SHA256:16cd27db3efe2735224a3d9541c456435edf00468c6d7e83cb69876399b62264
Referenced In Project/Scope:WebGoat
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (NVD):
File Path: /home/josh/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
MD5: 51e15f798e69358cb893e38c50596b9b
SHA1: 74aca283cd4f4b4f3e425f5820cda58f44409547
SHA256:c6273119354a41522877e663582041012b22f8204fe72bba337ed84c7e649b0a
Referenced In Project/Scope:WebGoat:compile
CVE-2015-0254 (OSSINDEX)
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Vulnerable Software & Versions (OSSINDEX):
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/jsx.js
MD5: c37db5a5d8769b2219925d8c1f58f638
SHA1: 2fc617bff6b077ee2935064bf1a1139a93ae8194
SHA256:2f202e349ba17291f2f190118b7d6edc2dc392239ce1033d7b6c633b603b1a00
Referenced In Project/Scope:WebGoat
Description:
jTDS is an open source 100% pure Java (type 4) JDBC 3.0 driver for Microsoft SQL Server (6.5, 7, 2000 and 2005) and Sybase (10, 11, 12, 15). jTDS is based on FreeTDS and is currently the fastest production-ready JDBC driver for SQL Server and Sybase. jTDS is 100% JDBC 3.0 compatible, supporting forward-only and scrollable/updateable ResultSets, concurrent (completely independent) Statements and implementing all the DatabaseMetaData and ResultSetMetaData methods.
License:
LGPL: http://www.gnu.org/copyleft/lesser.html
File Path: /home/josh/.m2/repository/net/sourceforge/jtds/jtds/1.2.2/jtds-1.2.2.jar
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/julia.js
MD5: ceb8e1f510d2743614b9e80212a82bc4
SHA1: 0264e7557dcd9ff3cd75bfcb697f918c7535e4cb
SHA256:c3f307cfa62a7c34e72ce1d67000060687ab2e7edd6fb5ee5eb4bca3810df6d7
Referenced In Project/Scope:WebGoat
Description:
JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java.
License:
Common Public License Version 1.0: http://www.opensource.org/licenses/cpl1.0.txt
File Path: /home/josh/.m2/repository/junit/junit/4.8.1/junit-4.8.1.jar
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.
CWE-732 Incorrect Permission Assignment for Critical Resource
Vulnerable Software & Versions:
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/keybinding-emacs.js
MD5: 08ebe3327a830d8b925211df3ce0ba94
SHA1: ec1b1685fa6c4ca750cfc612fe3187238b2c6d8e
SHA256:d41c066dd35cfca6ca11c1e7577246800e04b45cea1106959eb0f18b3cbdd419
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/keybinding-vim.js
MD5: 366dec00beaba6bd0c2cd58028a7bc30
SHA1: e9025a7a074e86e7e3bd12d2571c84425434679d
SHA256:46cf9c9895f4d63f712e472098dfdcfa4c646a365483cb621b3d58cd79a3736c
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/latex.js
MD5: 0ae7253f541408873856b8e0bd0bf8ab
SHA1: def253070a82b86eeb752b774524e61df5969f58
SHA256:aa9d7326f62dda1c5643f615ded67f74d3e8667f0454226dac2c57c63ffe7ce0
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/less.js
MD5: 857bebd6903f99849b60bd91420254de
SHA1: dbcf52b4f8ddd60d65e448a3951702c277bec1f0
SHA256:75d53fbdd95c770ca6a85a679f7419e4da5ad3ee5c4b3714630ecd4192c7a1e6
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/lessonNav.js
MD5: 1bfbe8d31999c835ab1eaf66a84f4527
SHA1: 00a945d09dc23b562594ea9f9752c6abe9f47e0c
SHA256:a954f755779bf84b52529e93ebc68fa0f9caf91a77ff8cf7addcb65700f5e3af
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/liquid.js
MD5: d584a682af667856922d0e63b4d13ce4
SHA1: 0c83e565c9db27b5238aa09edb9c5faf67d46d7c
SHA256:c985b069ebb0cf5f29bab8dc264a0578c88e06f2ff6ac23621a63574cc0bc731
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/lisp.js
MD5: a849a4e4a3331d4660be24306dcf8715
SHA1: bc928f3826d4ca080a0c7eccf0d43ee69fc6b4d3
SHA256:7e185d1e68a4ea1b28d1a28dafdbe8fabd61fe678a801c0fdab8d96bb79f5f43
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/livescript.js
MD5: 65da6167cfecbb426fe75b087e3350a9
SHA1: fd7c186c104c093eafbb3d056b60fa4148781531
SHA256:4097e5a5e4d816da93647e560aa6d0ab89e88c9e0510fec7133b4e82312a65bc
Referenced In Project/Scope:WebGoat
Description:
Apache Log4j 1.2
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vulnerable Software & Versions:
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
CVE-2021-4104 (OSSINDEX)
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-4104 for details
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions (OSSINDEX):
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/logiql.js
MD5: b0671780685a71c8b111845b32b68fc9
SHA1: 5d9803681adbdb072cb30f26870d06a4832a3e2a
SHA256:f935ee932ee5cc036fcb86225c054a36d6c619bb9f832907a8dc3762976c28ed
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/lsl.js
MD5: e0a23c46753482b7949823ac72d80925
SHA1: f684890148174f2479c0edfa8a6b37d86bbf7b46
SHA256:604f1d73fa194559ab9c989e5fa471e03d612fb64d1bcb8a535384edb140d1f9
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/lua.js
MD5: da21a820e1b79e1656df819f1adf1ecb
SHA1: 01468bb00889abca78651eb55f918e256b9e9088
SHA256:43782e863cdcdc04af205b11930bcb11922031de534028914cb4b7884b99afb0
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/luapage.js
MD5: d07f9a1a75e6e06712d4bf13d070e119
SHA1: b952c0e700832e48e140e8624b2b2a351a6b8ff1
SHA256:5fac6f9052cffb5a27ee0d53cc277c6eb3280dc56bae80bb38c41d9e7dfa488e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/lucene.js
MD5: 92fbdd59c8a34d95d9871b20f0a9edfa
SHA1: 786d96e59a5688c6d1da12138cba93b7269eebe1
SHA256:ebeaba26b19435a22ec63f395eaf4e01ff34041e9daed58739b296e05a3d3a2a
Referenced In Project/Scope:WebGoat
Description:
JavaMail API
License:
http://www.sun.com/cddl, https://glassfish.dev.java.net/public/CDDL+GPL.html
File Path: /home/josh/.m2/repository/javax/mail/mail/1.4.2/mail-1.4.2.jar
Description:
JavaMail API jar
License:
http://www.sun.com/cddl, https://glassfish.dev.java.net/public/CDDL+GPL.html
File Path: /home/josh/.m2/repository/javax/mail/mailapi/1.4.2/mailapi-1.4.2.jar
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/makeWindow.js
MD5: 1f14774ad4f5a5d888316d72698be2bd
SHA1: d6c0eb5aea2cc14fc6cc07ecb651661d2628562e
SHA256:d11be84c0b20b3fcc119847ac532af90586da6cb19f0ec3166dc79e564eca7eb
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/makefile.js
MD5: 0c76c3585cdacf295258e3b6eb460b0f
SHA1: 1e88daf699c1371962144be1cde1803816dae234
SHA256:95966501dbfcb176413fc150a194cd3dc33e19d193acf4f8fae0717ca73c03c1
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/markdown.js
MD5: 13893fa37d7dc093db7946a8742544e6
SHA1: da6c5755b73629c42876733298f2fc52e75b31f4
SHA256:45a6d86785288f496002c4c5a53445fe3ddfe61b498bd621edf1785944671ccd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/matlab.js
MD5: b1cdcda8d28f43bbf0f45c793992dcbb
SHA1: 157c5e708af6badda4c9eee6466ef34e87ff9ad0
SHA256:962ce5ffd189a19f1779c06448baae7e0b6332a7b9300cca66e6a4eab77a0ea8
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/mel.js
MD5: 6e8e9dfb043ea9c4e1012cf2b7c52a93
SHA1: e5d9fd0a1efb9aaf4e01988f5fe4cba7f96732f2
SHA256:d10599ba4ae22bdb443ba3139baf2d60ab20434ce7fb2560f9a35bffd255ece4
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/deprecated/menu_system.js
MD5: 4ed214de6928b2c6bb718c695428e307
SHA1: 117cb03f8187d7e7f4fea333a73d705b8de951aa
SHA256:87eb1a74571d77af649f0e5472470243bf6ffc0e115977b371849b976715578d
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-abap.js
MD5: 7838adb0d0f05ccb80385251a990c3d5
SHA1: 771d6eda903cb607f039efd19f1e81ec3b704f1c
SHA256:d40733aa3333ef7ccc8c4911a92879923262b7035c2eec373a664430be130175
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-actionscript.js
MD5: 3a397c61b1a6a01d5203642d5363015e
SHA1: af3a3f75184cb381441b43b74ff164d0e156befa
SHA256:c50246c030a6e021ee38dcb1f35cf1da931ad80ef50fc23b596fd57088a3cfb3
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-ada.js
MD5: 5d29d1f2aedce3c269001349b9157a83
SHA1: 27c2f9a14b7741b30cf3532634ad4a65e05161ee
SHA256:8a4393a185be6c42fda3344c22c47a536016a5eecaa803bfac8a47f70792dc5a
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-apache_conf.js
MD5: 2b799f598e62da2fa55db15de1203835
SHA1: 09b1bf777885781b4d091935163f1e7eef066b95
SHA256:a405501f37891874cd4f3d44586661a5dd949535385832b59c80498cd3486481
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-applescript.js
MD5: bad1c4713dd214bede6d579f9d73a72d
SHA1: 21c7047ff052aaf9b8098c6fa9f08dfe99d2db91
SHA256:e50d16419e1aa1762c2a4bb6aac4994422da024084f751b616c7e6beb86aa379
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-asciidoc.js
MD5: da4233afa2508b474ec54bea79cad256
SHA1: e828a6b7a8b6500a3bbd52b62c1373270c6f7f05
SHA256:5c499d8a75d5c9b273050f9fcdc7050e60823635829197ca9d17f00b1fbeccba
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-assembly_x86.js
MD5: 0f0cfe4ec86765d4651bc29ca6671719
SHA1: f76d3d09bcec5f750a38fd32a3be81a613c65018
SHA256:89a718e017162c7a04e94a6f098e1cf7030d3527d1aa2c85a45dda0fc3b5f39c
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-autohotkey.js
MD5: 253daa7782a87b5740fb63ba7589d321
SHA1: 209972bac043a8602cdc29a6ad636436163a87ae
SHA256:2079640fc04eb5742a5e7f106dc9d4b4ee18bb112301c9a488dd05de3698cb0d
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-batchfile.js
MD5: 38030ea6eeaa26f4776ba482af948b80
SHA1: da6cd7eac92d91f80752e3d1282f69aadf3e11c4
SHA256:839227cc4b92697fe2676c493dfd70346acc5b38af61451cf59029088f461407
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-c9search.js
MD5: 293a04838943de89d8c307897050566f
SHA1: 83e1bbde958588650d2b98134b3ee0af86e26d62
SHA256:cccaf9b87edb4b73e68525134e4bfe92312abfa96581d46d5d895ab2db17ef31
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-c_cpp.js
MD5: 5e8e182a42586c8c492e0c988fc77c40
SHA1: 6ea9b0bf701ea725223e59a274633f94e42af40e
SHA256:6f862cec6dec4379c29036d13a51c1dd075a8e64124e3b128ae26eedcb753400
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-cirru.js
MD5: 22349f60eb198e1feae906c8840abe26
SHA1: 40c53ef0346b5cfc63d660cd1b45921c97ff1c31
SHA256:e98d27d565ee7dfd0a176e05704bb14f4bbbbb420f05645fe62361d0a13bebb6
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-clojure.js
MD5: 4eb012543fc9718f0e76b4b6a90a08a8
SHA1: 82fb1f9b9b8c4bb83edd2db7df8b60aa720bb8e6
SHA256:7e1fcbe9396694aecf049f7c3496b81e90a99043f61897b3024836123a6d170a
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-cobol.js
MD5: de25042e623eeb71b017b012cedf1897
SHA1: e2b7912e3018c09897c90ea52fb5993c6eda915a
SHA256:98bad4e2805391f47dfa45f78491969d4d65677824777945f9b7b7ecf86efa7e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-coffee.js
MD5: 191f325fdc8a214f8507ba3bb22b7a24
SHA1: 73e5757d9fe8dc2bd69c409c38951db72686a054
SHA256:f8faba413069370bfc96e19629a378c2e1def7633787b16b31694856ef5ac0d5
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-coldfusion.js
MD5: 9c26c4dca2c52b7d7e76fd0f623330fa
SHA1: dedf1e3294a06a7c6ec1f1632d14a7812b40b90d
SHA256:ae149c6fb2cdda41f10756b04a0385d1e67f87e5afcfd4bf8c962469b1a2c5bb
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-csharp.js
MD5: 8940aa8015b581c2fa9e9224c0680460
SHA1: bb9c738ca9f9d49e8177bcf0053ee96fad589be0
SHA256:1d8082e190a3035914095e3fad9a4bcf3ddd7cee2f7b14e025f767eb57bb7635
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-css.js
MD5: ec8855a793d8ff1d432c0e7e0c0a7fc9
SHA1: 8cd1bb8bb0785027868462fbfd282527db0a9a39
SHA256:d7b9a149e262de2332e972c671fbe01634a7fe3ea94ef4e7d6d969b2545949fd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-curly.js
MD5: 8df18dbcfa8b5f6e0375ef79b5806391
SHA1: 180f049cd77d95b01c4b5f632542b872ad245340
SHA256:df7fd06d085b83dc812ff8e59de9b062fb2e8915ab26a7b7742a51cf34d4d8ec
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-d.js
MD5: 22cc0aa42b3e442d460b58a4f23e71b9
SHA1: 9b11259b989a85b7a07db6cc352a327519a470f9
SHA256:ef06376b98acf7ed7d28436567cca955153f7222e40b0bbe55d28eba42aea36e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-dart.js
MD5: 5ca0e971fe97b3036eaaa25242c180b8
SHA1: f15aaab81546cb4e514929d799b36649ed6ea09e
SHA256:5fed527b63e97fb8b45767f3a5ff299abd81b2ec05f5533ca551e875ef64f38f
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-diff.js
MD5: 6b8dcbabd950a45250a064d1ac0499b3
SHA1: ca182c5330ca5c75b74aab3f5fa896de9b7a99ef
SHA256:9129a58d8a6d7e7f9e3282af8caf5202196862151435466cb1cb01379ce17f50
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-django.js
MD5: 3ddaf96ce0388c97666833817467b209
SHA1: 1cd2a3f676e09c0bfd72648b16209d31f4aae0d6
SHA256:0d910f96578cc1f892fe7f5b6151d69b7a1e3b7a5304bd36548f34ea9190b2e0
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-dockerfile.js
MD5: e504f0e83705ad5d8d5a1df03de32a7e
SHA1: f884d4e8fafaf398912e9246c7be5781c3f77c60
SHA256:bb8dc71ad45c4f20f03a8ba9151dfd54a647c17b84c4cfaeb3a568875fdf658b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-dot.js
MD5: b336056d8782fb6bb9e4e5dcba6d9a8d
SHA1: cdb6e944145a5b040b6905a796020bb832ca1eac
SHA256:e611e58ee8ad8bc7b64ef0c06d0a3395cef798f2ddf2f25784e1ac4cf73736ee
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-eiffel.js
MD5: 033c351580721f802367ebda6f3e1742
SHA1: 408680322a2c044428b89b5d3c491afde84117e4
SHA256:a814eaf61a0554f751d68a2304d19e0b685fca5b66f2a247cdc9027e6bfeabda
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-ejs.js
MD5: a8e9c743e3dccd12c05776acd13d2958
SHA1: e61289dfea7f72b6e599d14ef053414d033fe028
SHA256:edd0f74ef88a9fd81e11a2d60d4aff04d4285acf058401ff83cb6cd029a26c32
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-erlang.js
MD5: 2ac5ddcc749f3883d463ce28eaeca81f
SHA1: f85a082699d27f6a33dacbf0b3a2520db6eae676
SHA256:daea4d252671b0bf2f71f20e38becbfd34bebb86e85c49398c148b9ace573807
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-forth.js
MD5: 5750a1384833146e9652a71b7be318d8
SHA1: 69b5b0a63e1c4261c8964f9afcd3ec89cb27c822
SHA256:5e5e539e9d39ca05b4eb3dd5840a26a7defe2e64c20763e726b2716d30ec9124
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-ftl.js
MD5: 1fa749c287cbfadb1de470f3796ab2ee
SHA1: eef158efaa73f52cdbf792a64a99248f5f240005
SHA256:3be111f9bcd4ce4880fd8b494e175c7439f3f48172fbadfae750f3a6af40fb8a
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-gcode.js
MD5: 477913fb9e0d8495345d70a1626ee6da
SHA1: 88c5beec536865626fdbea0e95d30c12bc065168
SHA256:61ae1df429062a6aab4b8048bbdefeec54c27df1a7f6a8a164ee39a25504a337
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-gherkin.js
MD5: d694ba3b7a263c8ee1a66753b2b45a25
SHA1: 742efc5cd84c309413f1270bd215ee64920935c1
SHA256:81421f31e85443e14ac7b45bee364dff66a60a245e207a7930f65070ad01eeec
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-gitignore.js
MD5: 066c4be94aaffc0ff49419a83403e2f8
SHA1: 47e3e78f66887b101ed77e7edea5cb90f19ef9f7
SHA256:b20ffbae8580bac6f815942ab505d8b83aa415fa983eee01066b700a3390f8fc
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-glsl.js
MD5: 7dc933d6c21abc5fc7717a89ba0881c1
SHA1: 57f05116e8cc26802a0168ae0dfc702a447d1d99
SHA256:17376b7d5ebb409b8aa6f6078b269b68bd7319ea143a39fdd36adbcbd711c166
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-golang.js
MD5: a2c6308d0d4b78ffd2e0205b412f302c
SHA1: c0714c4aaee32b4b6120b5c3ceead714cf50e725
SHA256:425b55474857da466a4d255884209cc217881e86e9c156d0de5e1347224d5f7e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-groovy.js
MD5: eee3c430acb654d7d4024ee460c4dc50
SHA1: ac2492fac273955e71f39e0f556986c51d5aa1c7
SHA256:44d09eac8ffeacd9d85f1dbe740174152be1d7e92c83abd923d8e1706598a531
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-haml.js
MD5: 21fb1ec8ce952e53825885d99b9cbe1f
SHA1: 65e2805ad12f7dab17655934907d27af880b1274
SHA256:cee47a572685d30a224b0855e85c387c716cfe6198ffa4ef76451b1df8d48031
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-handlebars.js
MD5: 2b74eb051e400466747c3771533fbc3a
SHA1: a3bdff70e30084fe8e9f09ec199c778a654e3227
SHA256:e63d75cd0f8ab30b187b0f6ff34744c30c610b1425362583436ab92bcde55f96
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-haskell.js
MD5: 4673801c485c94bc48426393d8e25ecc
SHA1: 44f6700875a4d7a789c17e3a65ecdc7a8de62314
SHA256:7a9e4a8aeb1e3d36a41216feaf1b7915f165ba8f3d824e07cc904eb8c6bd2d06
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-haxe.js
MD5: 182310d106865d22a7462c071db891a5
SHA1: 449fa7e7c94b0d37459f6638861ce6d0e89bcf7b
SHA256:f316a84e0384135634e8a13e044ff38f3b1b24d80383c290db392d91acf4a529
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-html.js
MD5: d70d21350f3142f4010a99f3381be78a
SHA1: 7d3a4844eafb4a7f3a2e8df079a734d476c6f3b9
SHA256:059ae3064ded403febb99b28def26f704a8dda875ca77a3f03b18c256ac10331
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-html_ruby.js
MD5: 44f099e04ab85edff768b649df6c9cb4
SHA1: b5a450388e0896e552c4f97271c43d9a63f9b3c6
SHA256:a4bee7fa28c18f059c8ca3cd25631e30e5cb6b685524417f4e2fd15d2694c2cd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-ini.js
MD5: 5a8c0a8507d3f6d6695636b23002fa85
SHA1: a70c3114d41787e670814629a8127365c6309269
SHA256:07a359591b5693cad975de5da68eefc5d4972e9ceb8b873371bf74fe8f1061bf
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-jack.js
MD5: 0de640408228b64c41775cc772c5e256
SHA1: 0eb737377d721c5e4989df06cddf6f495d1f2b5e
SHA256:e3c172de6e689fffa746adafbe9d7b76de324287336ea3e98e5052b8b25d3d71
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-jade.js
MD5: cd7b892595ba14cbec0b030413086974
SHA1: 7c2cdaca34ce4d91afc0209a73f4bbeb592637b2
SHA256:e25e5f5b20e5c853b19a75dc550505e3fc67cdf3b67cacca4c8231751e094318
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-java.js
MD5: a9103d7ec4648dbe940a80e5b1f43fd1
SHA1: 7c9b4016c66c0cffd0b5ac647cc204fd71c445e8
SHA256:894da6f1a96ba1f76de587e6c7bed0cbc0110f2be9013f6bcc7ca72c66292267
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-javascript.js
MD5: 86efd35bdf0163af943091062e49d879
SHA1: 2aa874034b485c4ad6c59f6a309afdf65943b384
SHA256:9684ef65dbcebd56b5fafe80393e9fb384b07e4e735278a5eee5b2339646dbe5
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-json.js
MD5: 9d759c61ff29c46591d2ffb5ddc6299e
SHA1: cb5791e176565ceeabc812a38f1d889f10093d76
SHA256:0fa2cdc3935169035b031568ccc61bee52450ef052ec906988adf888f41c9295
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-jsoniq.js
MD5: 901208fa4366c81bc0f7de54d7344a69
SHA1: 27b243c748e3c58776800078d3193f5471e55726
SHA256:d488c2e7cf9f3d1d4c5f4fe7e04a9aeb5716137e68aa4922b9eb60c53a178c73
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-jsp.js
MD5: 4b4521068fbbd53cce9669f6af8f64e9
SHA1: 68d00fe3997bf5adec51dbe0a60de13a0f7b4e2f
SHA256:6a3e28f5e2b37134aece892650bd95475ed15f52ade8891a14a7cedee55fa906
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-jsx.js
MD5: 024a3937fe5971f11d46fc7bbc672d80
SHA1: 7f997cd0a4339e958aafed87f178cc847afb6208
SHA256:5b959feb4507cb305336713568afe0743e5ded432db58efa37746bd2201c150a
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-julia.js
MD5: 026f535fe159811e6857695e1203948c
SHA1: 648667b2b13dba07c3be971b0a6b9a8899783a8f
SHA256:b80b26363f99223881bb1bf9bb5dca8c568407719f459f948562b93d788dd606
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-latex.js
MD5: 2f4252450c1ea57275b9865e694dd0a9
SHA1: 6c5a41e914c18cbacc28c8bcbe8703788a5f17bc
SHA256:24030ea07418b9bef294c6ec182d8bb15795709967f9c88636875e13ea68560a
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-less.js
MD5: 901d4bc6d5277150f156c4a147e10bcd
SHA1: 3541f06e18c984c623b58400d22aae4d2ee8c750
SHA256:1407948f8f7e39451dc9f9a4b367b68da8d2b90ea1f99e667f7a83d3c836fe0a
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-liquid.js
MD5: fe727f0c88abf9919c5909e2c10af8ca
SHA1: d73005ab6448e99f1de807c38ee15d26f971d483
SHA256:2e9c9a6197f6cc61b6e178c7e6f0bfcff594f3c5c3c6e8501ef99c242a1daaed
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-lisp.js
MD5: 8e87cf6468ba3fe6180b8279b4f81b0c
SHA1: ac6ac32201420bb08723da8ade9372f89780c350
SHA256:c73e8b8c2442bbf307eca5079c81662526c708b843613905c3e3ca56c0df7d3f
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-livescript.js
MD5: 656229ac3743db87cb3e7c6fe51b7053
SHA1: effaad7e21bb8377ad291c4572124ad28632ee2e
SHA256:5b2adf7fc0a2933c08c42ed805f0184a552e6cc7f446dab0b186aff57afb0607
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-logiql.js
MD5: b385bf3ab6324fb27831d2909093a170
SHA1: fcf937c5760dadf5fb67dc54c6953f6f23299bee
SHA256:d791c99f5692f3bc07697cc31257d9196f650e07240bd7dbeab68b3f6c425c48
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-lsl.js
MD5: 3addbe64654f7121488d2a7eec5a3597
SHA1: 2b0282f2088792196fb64dda5768b3a31cc426fb
SHA256:937e8efc75a8e1a1c7fad7eea5fb69001b03cfb7f5e32709ab5570d030425d85
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-lua.js
MD5: aa2ed39752c23a716f93a8ce919542b0
SHA1: bf38ba3b5c5979acd7fd0931a873eb50866a2b66
SHA256:938cf10f1bdf59143adea4a9560024e4baa5e1f316a450344fc1a77ba601fed2
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-luapage.js
MD5: 203d926608a31ff885142c9d9959db6c
SHA1: 5946990f3df697276bf84cf3b55e4b055942e53e
SHA256:d8f451ad32b7e870a677a0039d7255f88110ab3e107ed8d64f4f0e6c40f86dfe
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-lucene.js
MD5: 159c0409216b1fb52765084d332cdcb4
SHA1: cfd998ef0af28bbff70c4eaaa39e782b0197a75c
SHA256:99527a221c20fce90bc469042f777b32506be34dfb60468b405ee921c2600a08
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-makefile.js
MD5: 4c02f819ad933e2cb31fc80090c39a6c
SHA1: ffee2a6f798d90ed2afbca4859994b1ff6373211
SHA256:5b7a8818d46f9165b6b76e4253005f8b20458245eab1f1de43101a122868aa98
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-markdown.js
MD5: 3fa1c8a1b7de1229e69cf15baac72cc8
SHA1: cec4681fc240aea5fceb3b7a7bcbe266fd1d5d19
SHA256:f9603d4e5062ef1f3b02cad527fa28e1f2a1b55e006845b483ed1df56852788b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-matlab.js
MD5: 10ee8744620100a8202965b2103c55bd
SHA1: 28ec4250ddce9af4f22cdcba21e812d7b2aa961a
SHA256:9af100cbe0027154875ff27dee0d96f8dc6a54b300a4316be97973a974042e45
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-mel.js
MD5: 94a4c6cb25ec313aa11be6c548058432
SHA1: 641127cb6497a3814b6fc30a4c593aabd3497077
SHA256:1bf3ff662832910dff65260de6374be9cbf62cd8196ea2122af34791fcb0dcd5
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-mushcode.js
MD5: 8bdfed0642366d88444159eed8d7a30d
SHA1: bf2bd0945ab4469101e98559991b94d53ce73a65
SHA256:72b816b017c85cad5027f5f471b6a09add0a3702cae6ac57c4de676ca3cbc4cd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-mysql.js
MD5: 93808281dc2633ae384223198f379130
SHA1: 533517f6e9d4972206d2fd64b1e88b72166cdf13
SHA256:2fffbccb1605bfac7b3782a59994ac8d93e6fae636eb90da4b0a29499399c7bd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-nix.js
MD5: de3d6b8ab2c87f310a2cb59ac0678189
SHA1: 2d440695be0dbcb66c26fbbad240c015a1560654
SHA256:fefb8033ce04dbc6268b3a28a84837afec420e37111ca166ccd6283f4635e540
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-objectivec.js
MD5: c02fabca5924451c06877c45aa7b1e79
SHA1: 2b3d0f3265436674536e146db2dfd1c17abc565b
SHA256:1d97bbe689ec0a7322a56ff3ed661a564718a002110f499f33fb0296b3506eb8
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-ocaml.js
MD5: e23c58c374c0b061c700bffe29a32dd5
SHA1: f325222557c03e16a35cfa5844bba3f9a0936fe9
SHA256:e76e949c6168f2c658ac294f88bccf576ca237246da0ff725ff07fcdf62f054c
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-pascal.js
MD5: 9e428e7ca8568e2f5532ce6c4fe44bd0
SHA1: 8430f40dd3de094faccc31e2d2f966e866046375
SHA256:d96ad515f9614daf854854cb64669dabe55ab3789c0697aaec4465da27e997c7
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-perl.js
MD5: 5d7cb2cd6ca3b8285a45eb664974d8af
SHA1: f863d9e68b46dd56fb868c50c4cb09a5662e631d
SHA256:e1bad02e3421740082dce9a25c235a5b6f3d90b5c28f7bb5cdc6e374f66c407e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-pgsql.js
MD5: 093a2e364562b46cd6fcf19a3011062f
SHA1: 27ba5658038a9776403ddad25a7ccc2abf1ad744
SHA256:06e0e76b4effb46201305a193612d170c7eb2c26ba7dc0e55fb39b47a98b5017
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-php.js
MD5: ff7c5d43996a19fe4c68ba89fdb618d8
SHA1: 542b2e21fa3039242371784b193fb35eb00104a2
SHA256:ef18eddebcf4a4528e1bfc40f4c07bc6cae1b84c831e747d17783796b7748e94
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-plain_text.js
MD5: 307ea04645617d071a40ea68616727e3
SHA1: 7a3cbc6c120ebf16297c7586aed0dc0d813757b2
SHA256:ffaf7950cac592e7ee24d738bbcdb17abcae9da8e2fca8ec6ed042abc269a2d6
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-powershell.js
MD5: b7c55eaf54a12f4944075569d071f36a
SHA1: 2cd925e4cbc5da8832bf89c87782e83a7aaad852
SHA256:f3cb85e64e05e0821e54d4b1aad39050aecb01552c7212be655a6e3418d0696d
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-praat.js
MD5: b6bc2559cedaf475896ba5c36d6d6413
SHA1: 1b0cc3bd78f5ea1586d520c7acd3cf98b161dce9
SHA256:de9bd933f7be3839ae6bb22992aacff7dd6906599fb8387e63f9376ac69f8ca1
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-prolog.js
MD5: d2ccb958fb2949b978ec7ba8e2ce9ab0
SHA1: ea35c975e118b1ba04ffcbe1997c02a09e1371d6
SHA256:a8bc73688d8bab9ee164a9b4cfb2aff39e1783fa05eac9d4bb71ae71c6d3d413
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-properties.js
MD5: c9ec6f1d0e0f4590c377ac4d1bc7f44a
SHA1: 4946068711d343edc4b739fe15ae29f728ae8674
SHA256:2a9cd496834c2d5b08c7f18ee04bf99be119dd07d26cf44e357e77d9b57d92a1
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-protobuf.js
MD5: 49381753e845704012434ce3a02b6bd8
SHA1: a27b43df86ba8b71746d2eb8bbba47c4248572b5
SHA256:c3f75a3e0be81e9e6f0ca6dc79b7be5d5f35eef736f731f344f8648149f141b4
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-python.js
MD5: 1222d82ff689ca4fe3e9f3cc975f51aa
SHA1: 2195e5d05b7cffb60a0e4433fc5315ba8591bfdb
SHA256:b0976a5c5c2c7b218cd79255394f573768133e476d5765b5e2345835e20ae993
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-r.js
MD5: 9db4909e0b7d31a386254c47a2dfc865
SHA1: 9c2d9502aa47eb712ae67189adcfffe979247712
SHA256:1da5b2e744614d8a3a2591d93ce0294fb349542899c91e014e74ed5b73f5be60
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-rdoc.js
MD5: 2a272659f2b690791f70a47f6be53b74
SHA1: ff979533df45419cda74b2cb8dfdd7b883eaa4bf
SHA256:0b8fcb9e1f77e6bfa6f9293b1420ab18ba26eaa7cd443c3adb726d137b994982
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-rhtml.js
MD5: 427abcf3e70c63b36f7e07316faccbe3
SHA1: c15eca113801ecf69fee0e668a30f598cdd40c79
SHA256:013a4f20b47544e509d8fa0a5eebb4bea2e33cfab312c55873f5f05d515580e6
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-ruby.js
MD5: 4b04502e9720982fab6f2081d416d718
SHA1: 5076030425870dea8af02432ed26bea2b46c6c53
SHA256:4c5f5f16f1a5a06face6e84a14f10ef4f7664492be7a2f8670d1f9c5a6790ac9
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-rust.js
MD5: 22ad9168b45be78971ee9fb82caabd60
SHA1: 70623dd37cf60a86a0f6ab8f031458d358cd1a9d
SHA256:1ebe52e15b9bcbeb67565b3aa277bb85262fdc25f3730a3cabac9b4814466401
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-sass.js
MD5: ed97aeecb961e3bc4b235d48c928bd4d
SHA1: 716236dca20ef3e9bdc0039c582cb2873d411837
SHA256:16092df9c8af4de3449415dbf7bc9200febb5e70e055f13a63eb76c23c243f71
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-scad.js
MD5: 3d161ffe52b42ea701891c3688d75827
SHA1: 397ab8c858c7cd2b69ae3bc0432d9bb51a208a2f
SHA256:fe4c4475d123d64b28a603dc93bc22a68015ea0d9ea46c37f5704e6ad013fb9c
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-scala.js
MD5: e4514cfc1ef52d671cba3bdff4e3f420
SHA1: 27d32a83b72f0d058fa74a3cc900643102e806a9
SHA256:f32476f483ace614554300703e274ce73a4d38e2b0639e9fe1f3d2a9404d4a48
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-scheme.js
MD5: 5443eda9445bcf1ee61272a5857f18fd
SHA1: 3abd3e894739f12ed603a825667eb9ae7988a902
SHA256:a41176db5f59a33a8816adc240ce4c10b1caa31403004218fab647a085f141dd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-scss.js
MD5: e142820a1caa77a546e836bed9e742eb
SHA1: a593a4cb3727d183e6fe9b7536424a93c5a032d3
SHA256:6680d830d808010f68616d53248c1407532a1ce8814fbe8bf226c124fb470fa6
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-sh.js
MD5: 03cda9636498f2fdc7e28f1eed4b77d7
SHA1: 14736d00bc1aaa7ecfe2cabea3f77916a91656ea
SHA256:c8598804fcccc1c2810bfca614a88e433048912a5c116bdd72061d3152627700
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-sjs.js
MD5: 6e5789d8c51c2e129a6ae3d33cef292a
SHA1: ddbca57d5310bf7f3488d350cd473aadf638f4ee
SHA256:1bb53312a896126bbfa15cc7dd238a657265243693f40141f1d491a3331f5ee9
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-smarty.js
MD5: 15366085316fe2ef30fa9abf2991956a
SHA1: 789ea45369f1fd2f0f0a9ecef175c58fec2f3c88
SHA256:2f24ece846afcb7a8ce062c52ce5e634ddb4917dad6c5bbda784e41df76c3731
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-snippets.js
MD5: ae3d75b13bf24535b76f133171fb9ad1
SHA1: 68a9f8b4e1e8e41352f6a036c6135ab7271aac9b
SHA256:c13727e03b09fbd13eb1e0039f68f8212a8170a893d385f1b9d7c783072f11f7
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-soy_template.js
MD5: e48625d3b05ab453e45b89714884bc07
SHA1: d3e9106dc1dbd92d967a8124a7b6151d3d3aca67
SHA256:2ca0cefaeb98ab9e854db81638f7fa52b05c108012d77d56d58d16c46a15e5b9
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-space.js
MD5: c6f2f471284e37c653b9048355e50d26
SHA1: 3a70c2b2e1fa1e79d486c83ef45ba26d6ff542e2
SHA256:ffbca2448df3115e45284c4b75cc867071daf1c4b9b9a499c25ca6d9da262406
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-sql.js
MD5: 288912afd57113bd471e2d50ee4bb73a
SHA1: 330378c69771e58888dc5e11a79d49d0972bacec
SHA256:7d000af859ba26129eca6264781a0247f276764400c00a5fe73d38baeab8a159
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-stylus.js
MD5: bd06a8762bc09917abe410cb8c5cd011
SHA1: 7261777a6f48c383fe15675a422c4dc012ba5917
SHA256:1c6344a64604d4fbfdd00965ece362a3058b1a6dce430db0a0b9df5956e6c4fe
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-svg.js
MD5: 7a11665a6b56a44a47704be8f5828906
SHA1: 20b9de5886c07d6d63268623d185f5d37d10bb9e
SHA256:d6a51c38392220407c4966b3553084f9e317c0a4f7659efa9f027b9c244f97e8
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-tcl.js
MD5: 486892badd5300892880badf58de9c2f
SHA1: 97c14abf1f447f9dada37af542c8769752c71cb6
SHA256:9ed48a22ab29e369fa5c02446cbd5f26773aeeb26f0662e23abe373e28d2717c
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-tex.js
MD5: 8823b398ab5eb14dd857a13919cfd233
SHA1: f071cb91fd3c1f45f55d6f12142ca2a0a70d2400
SHA256:a27a263467d4e0938abde476e00c0d971352f6d1a22bba56c08a32771297d097
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-text.js
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-textile.js
MD5: bf32822ad8ef19624223e9da12ceef5f
SHA1: 158eef889866412eff4eede5a458dee41bef139a
SHA256:ad9fd3050abddbcde931add189963b5f7ebdb77e6cdf4f2acda864f7cf082ad9
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-toml.js
MD5: 6bd1792bca756013cce489d03dc7b4d6
SHA1: 7d56917b774762309339f3cc30d4b60e9d91ebf1
SHA256:74e309dec9eb717026c39a45342176d7b064fc008b15f77b0eb0cdbed88eb426
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-twig.js
MD5: 4bea14e3639e442db6e04eb59e40a5f9
SHA1: cf6ec37f8da5fedc33f47a4cb540fb086ede5cda
SHA256:ac74f85c60f75540756e758ecf84dcb67191e50079754dec7eee8a75277decb7
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-typescript.js
MD5: b3e09a7000f5e8e03d7528403561073a
SHA1: abab0dcf6e351d9cb3300882984376ff660dcb05
SHA256:007e44b0f4498796d57af886ca013d3ca5b91282bce8a65cbb72f8176fb22e30
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-vala.js
MD5: 1e32b5d737b93e9093ea428cb24f3ec6
SHA1: 20256e9436f5e55258d4e5dc9a951e14012445eb
SHA256:86a028bbaf54a679584223cc63086335148d154cebadb8d3a879a35a1d53c0eb
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-vbscript.js
MD5: 5a696d3883ffeab73dbc8c410f049763
SHA1: 893b9a7a7a0dc558c4f27ee4f4f4a6945a3bed4b
SHA256:bd4861335c99ba6bd57268b4995356d3118af8b7baa0deab8af47667b52dccef
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-velocity.js
MD5: 0eea78d5f6ea11507ebb73541446d498
SHA1: 2ae34cc9820eb5dc16fcd104f49ce56cd1a6fdfb
SHA256:f7ea51037fb28b4e87ba5289d9a3ecf2ead96948ff6da21aa7d9488a9847dd5b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-verilog.js
MD5: 417486234006a897a45c109bb14d9a6f
SHA1: 2ac6b44499c3ba7e3a98ce50b4c21114fb4d1c2a
SHA256:4ae8c4a4f07ffe580e7626283725e07fd684d3e4765612fd302bd5394e48b4c8
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-vhdl.js
MD5: 766bb2a9af35579f23442a5c440f93e1
SHA1: 1c9fe6ee4c26bc522e99b576763c29624d89a573
SHA256:89d5ca01925e192d8364d171dfc6e7fa06060fa2c3e6b5d1956bf246ec0b9cd9
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-xml.js
MD5: 2b20b7b1fb44350158aa9153ce6a8bd4
SHA1: 83c6a647c2e5c2c01810e95e1e7dd205e81b48cc
SHA256:824249dd5cb42d9e2e34defcd23e7cf5d1a7312b26d8f3aa6ba39bac6c4b34a0
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-xquery.js
MD5: f356a287cbe29a0bd79972fd9bcaca73
SHA1: 524991ebda820d0b9a13ab1377572663b7014c6f
SHA256:97ce1ffcbbf1123ae77d670f115e29b8b942b2ac7e0c94eddf848f736c7f419b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/mode-yaml.js
MD5: 96cfdb5fcbac77d51ed2375e35d96ed8
SHA1: 36db4469353b01ae6c7ff0fe8cbf6a4a20c5bb47
SHA256:a55a51d5af76f22e65bc92dec13e2fb71953a8a28489b98199daf5e16e04966f
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/modernizr-2.6.2.min.js
MD5: 42306a279a9e831515347ae319181cd1
SHA1: d069641242e4fe1beb6de8f53a77dd964c98bce0
SHA256:cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/mushcode.js
MD5: dd465b5b7ed8c0ce7f7028155aa95b2a
SHA1: 6f1f1c9adecdb2674c232f988f7ca7d1e718eb07
SHA256:900dcb4a0aa258cdbc4d1c8367bf07c551f8e382199ed8c4cdd92d4157bcca13
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/mysql.js
MD5: 2a17764743409ba938aef3badbf617c8
SHA1: 81d27059e7543eea18291206a91c24ef7fa3ebd9
SHA256:b1a3ce3bd938b47597e9201b3a270fc44868118d9b2b1c0759f5e69c2d243bfc
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/nix.js
MD5: a568509292dfba3f307079e2397078ba
SHA1: f1b639807b5cab5e85a88eb9ba0c9e58dd86836f
SHA256:d7ceaeb351e381b3b6f7e54d6828d23b625d9a341d1f534912803511c483f682
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/objectivec.js
MD5: 8890a8c10b0c273fdc16697669a2322e
SHA1: e5ada579bc5c2178714d5615c98d7a5221a8ed75
SHA256:cf4ee4a1eb1c89fe2338fe00c28de846cc07472f37b65f9859c585435eb0f12b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/ocaml.js
MD5: 9c990786647cbf6608774aa71282cace
SHA1: 0f3727c3947ab86bdbd6b6abfe7c54324576a0b8
SHA256:83bae4f82dc9b6c2f865e5c5a3094b55faab6a1e837e60387af23ff6f97e6e6f
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/pascal.js
MD5: adc8e186b157d349b166c37e0d88ab57
SHA1: 6b24b53eeb37bdd399e8687bf55eb8e5fc7b1a69
SHA256:c4a2044227d9f5a991738c943f86ae70ff200cce30794407827b887118db7c7e
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/perl.js
MD5: 918bca54ca8062e9c55f429f52427848
SHA1: 05acf2f3dbce35e5253de159012e3164f2af4a1a
SHA256:0f3c811582261fa9e242ed0dd8b5bfce91b0a268988730b07f6ee0c8965775ac
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/pgsql.js
MD5: 9eac0ad7187363253f7ed53f7f70f21a
SHA1: 33992210af6dd35e97d292f51431fb52e4c9217c
SHA256:ba391e703c549ba32a3e6deebb016b4b980819c4c78e2519eb9e361936216e25
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/php.js
MD5: 2eedb81708f48dc9e14783b0727267ca
SHA1: f75a6db115b684849c000f61a4284d092ca6608b
SHA256:dc7ee89607dfc53c7af8b5df402ace2d7b87c3dddfdb76372ec4fce3e4cd01bc
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/plain_text.js
MD5: 0df87b08c38746d64a15793109f55b84
SHA1: 62d0954cae734872ed3e0320c259627f0bb90c45
SHA256:5f1cf648d974351aed07a6e5210f211de8cabacdbcf40e2eb8762fd3cb9b89cd
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/powershell.js
MD5: a89d0e30c18ecc38a8d6f3382939ed48
SHA1: d706df8123a971e249ed68cc14840517d1e2d5ad
SHA256:de03160e6bc8cd21ae1ecedb34425111aec492ca9a8f7f50429f6ef13aa09509
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/praat.js
MD5: 1bda450b3978557555a4b4aed969aa52
SHA1: 45012688ebfc60381081d887df1d2c899cff9515
SHA256:0916431925327891ff73740edd069571f3b0af6d8e230a5e80b4c1a9e56bada9
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/prolog.js
MD5: 957e15bb7531acd1afafeeecd7844064
SHA1: 9391333deb677b04bf267400db6a5247f7596edd
SHA256:f8402a4837ce7c5869d53803f7a8dcf5fbd3fdff8ce415bcfa88b498e632f24c
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/properties.js
MD5: 99ba24f19416ffdff483bfa15c13e456
SHA1: 2c9851c648984a2384d5c402d91a6e7ce617e9e9
SHA256:004c524f1e3814ac10cb1c885bb4691eefbbd771116d5bc8acae437ba3a26ba0
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/protobuf.js
MD5: 3cee079704fd20bec037100331e85302
SHA1: f590d5b73b393e3d867345e425770146d12ae595
SHA256:f9885a7eb8e4876c7225f4faa34860dcf8d5b80949bdb7a222ed961077c66781
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/python.js
MD5: 99ea6bc1e2069b1c0cc4b1cea5a668ab
SHA1: dc0bcbf103d5be1917338004f3e74482cebda85c
SHA256:480352ec4e7759610ea5ea78ec2d6e7944a83a72929efe52fabe1c092567dc82
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/r.js
MD5: f0f4de31256e101910450672810cf07e
SHA1: ccc03e1220a45fc5662c0e83480d3fac39e5dffd
SHA256:3e75e1543cf32b5c6a9160c0525b0cb4694c635e90dfb0de0a788e5477677f6b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/rdoc.js
MD5: c33ecbf45a5ab34e1c47f1b04b2574a0
SHA1: 7d63897ec031d5cf653fdfc42070a4d24d822b7d
SHA256:45d836192ae0f9273d2d08abf0e1bb3a4de1071ad3c98ac90e62885538cc1223
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/respond.min.js
MD5: afc1984a3d17110449dc90cf22de0c27
SHA1: b5aba40d65b0d6f85859db47f757ea971a0efd30
SHA256:83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/rhtml.js
MD5: 1575fc062cdf09f1874df8c9b0bb3a2f
SHA1: 9bcfb15b9cb7ec81460a66c75772bb47a3dca640
SHA256:2679a06d391ac62dfc0c5eb05b650f2eef1137364211145bbb75907e64ec15b7
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/ruby.js
MD5: 133a59c01cc787b3315dbc1094623242
SHA1: a3167f3549fa4faefe543f545b90d153ccc0f0ad
SHA256:a0a8f2ad4f6d35a6034e270637262c81a405d6664250fd7cb5d9564671188d11
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/rust.js
MD5: a684b65a9f2ab2deac204071a2219d7e
SHA1: 9012b770630d1f42285c45094d3bce30596d36b0
SHA256:d3d50c3620ed8a44cedd034c3e45dc72aac966fb1f710311f45f09b826585005
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/lessonJS/sameOrigin.js
MD5: e53db076594916c054ef189108deb1db
SHA1: 6fc41ee74d524e81ffcf4510ba38c97f2b146179
SHA256:38dab7f21bd2373dfdb17b97a7948e84959047b6abb947931b445b8dd38dcf77
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/sass.js
MD5: 25c61ca4750566daa9a0e4d80080c6e4
SHA1: e838faf42913e44903030748af8d15b13bc4127d
SHA256:616f0fe704e50a80b48d0fbaa42436784e04de125a1a77b7ad1dc105f17cffa8
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/scad.js
MD5: daccba19a383afe01b4c3570582b88d7
SHA1: 9c1c8ec8a03a9a1527b58afff118de0b40ada8c2
SHA256:18513c92c3ca36c863edde5b9d91e1772c2602a48950ec87756798542c2737ac
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/scala.js
MD5: d2bc07b20995ea3186e1f8725fb6eab6
SHA1: b25cb6c282b2a154672a1a563be17e96c25fe38b
SHA256:566d1da40c828b5bc6d8f0ed8c952edc33ac35e8adb8e38fd770e9aa08ca6551
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/scheme.js
MD5: 338dbf30fbc56a480b26de3c3910ffab
SHA1: b54f88a7d7d8d80ad251960800bc13a585208618
SHA256:1e0693dd5a09ace4612ecb038f44ec7d306ea641a745e1f320d8094adf441c08
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/scss.js
MD5: e94502c00ab892915eb3248c1a3e518a
SHA1: d83e5ded38e3959bc86a535726d6f956e467c20a
SHA256:c821af4cf8e958a7bedec3d79c3ddda3d320c443e053bae65a86a80c21e388f3
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/sh.js
MD5: f0de708dd69c6c9028b3989cedfaa83f
SHA1: 83f59d089fc8462f46c766f99e2de22bbbfeaf8a
SHA256:4f5efc54a475c03a0ddb57c952f5b7a31d3f1f7f543c7e19e098e9b6f7bdd212
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/sjs.js
MD5: 3787a976a24ef8d4e90a8b31ceaf547f
SHA1: 8ffc9456e5ffbd1f7ae08802d80e34f0f785963f
SHA256:dc7c6bbabc919848c39f8ba0e2ce5d22de9db7f9757224dbc7cce590f82da913
Referenced In Project/Scope:WebGoat
Description:
The slf4j API
File Path: /home/josh/.m2/repository/org/slf4j/slf4j-api/1.7.7/slf4j-api-1.7.7.jar
MD5: ca4280bf93d64367723ae5c8d42dd0b9
SHA1: 2b8019b6249bb05d81d3a3094e468753e2b21311
SHA256:69980c038ca1b131926561591617d9c25fabfc7b29828af91597ca8570cf35fe
Referenced In Project/Scope:WebGoat:compile
Description:
SLF4J LOG4J-12 Binding
File Path: /home/josh/.m2/repository/org/slf4j/slf4j-log4j12/1.7.7/slf4j-log4j12-1.7.7.jar
MD5: 4d2be9dc9aa3d08dba9daa09ed917526
SHA1: 58f588119ffd1702c77ccab6acb54bfb41bed8bd
SHA256:dba4c3c10321c86a48d689354fbfd9772a65e51e780d1e5378a5ece2e426a8f8
Referenced In Project/Scope:WebGoat:compile
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/smarty.js
MD5: fc26d80aa2203be77246ff569cf716fd
SHA1: 30e27a52fa1d548327a9f2143572a233255fb7cd
SHA256:a8d2ff79a81ba57cd659594fd061eddf2d974bbb89f05cfce577d7b8d198ceb5
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/snippets.js
MD5: 6fa908b1c608672425734aba72251b34
SHA1: 683799735cfa017d143785479aa77e0685362abe
SHA256:f5b3fdbbe1cf3d85595c742df90f27f06fce4e56998d1e7c94826543478300a1
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/soy_template.js
MD5: d686d1cce3180748290f610b1ea2280c
SHA1: f86fe307ab765ed33175d0612103fdcf7c12437b
SHA256:95f8fa050986ae6e448798fd973707a15a485f2a246ff27feea7f7b9d91be826
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/space.js
MD5: 68a6c0124a02f32a11b34d5070b27846
SHA1: 3eefa47b760639c0d41d70686c440db1d0065930
SHA256:d038224552be631a9ddf63ac5282105a1320fdf4c28dea9f0a019e92f14ce0ff
Referenced In Project/Scope:WebGoat
Description:
Spring AOP
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/springframework/spring-aop/3.2.8.RELEASE/spring-aop-3.2.8.RELEASE.jar
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vulnerable Software & Versions:
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vulnerable Software & Versions:
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
CWE-552 Files or Directories Accessible to External Parties
Vulnerable Software & Versions:
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Vulnerable Software & Versions: (show all)
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions: (show all)
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions: (show all)
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Vulnerable Software & Versions: (show all)
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.NVD-CWE-noinfo
Vulnerable Software & Versions: (show all)
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.NVD-CWE-noinfo
Vulnerable Software & Versions: (show all)
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling
Vulnerable Software & Versions:
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Vulnerable Software & Versions:
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity
Vulnerable Software & Versions:
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling
Vulnerable Software & Versions:
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions:
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions:
Description:
Spring Core
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/springframework/spring-core/3.2.4.RELEASE/spring-core-3.2.4.RELEASE.jar
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vulnerable Software & Versions:
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vulnerable Software & Versions:
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
CWE-552 Files or Directories Accessible to External Parties
Vulnerable Software & Versions:
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Vulnerable Software & Versions:
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions:
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Neither is enabled by default in Spring Framework or Spring Boot; however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Vulnerable Software & Versions:
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE'), CWE-352 Cross-Site Request Forgery (CSRF)
Vulnerable Software & Versions:
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)
Vulnerable Software & Versions:
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
NVD-CWE-noinfo
Vulnerable Software & Versions:
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
NVD-CWE-noinfo
Vulnerable Software & Versions:
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling
Vulnerable Software & Versions:
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Vulnerable Software & Versions:
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity
Vulnerable Software & Versions:
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling
Vulnerable Software & Versions:
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions:
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions:
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions:
Description:
spring-security-config
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/springframework/security/spring-security-config/3.2.4.RELEASE/spring-security-config-3.2.4.RELEASE.jar
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.
CWE-287 Improper Authentication
Vulnerable Software & Versions:
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CWE-863 Incorrect Authorization
Vulnerable Software & Versions:
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
CWE-417 Channel and Path Errors
Vulnerable Software & Versions:
CVE-2018-1199 (OSSINDEX)
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allow secured Spring MVC static resource URLs to be bypassed.
CWE-20 Improper Input Validation
Vulnerable Software & Versions (OSSINDEX):
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
CWE-190 Integer Overflow or Wraparound
Vulnerable Software & Versions:
Description:
spring-security-core
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/springframework/security/spring-security-core/3.2.4.RELEASE/spring-security-core-3.2.4.RELEASE.jar
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.
CWE-287 Improper Authentication
Vulnerable Software & Versions:
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CWE-863 Incorrect Authorization
Vulnerable Software & Versions:
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
CWE-417 Channel and Path Errors
Vulnerable Software & Versions:
CVE-2019-11272 (OSSINDEX)
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
CWE-522 Insufficiently Protected Credentials
Vulnerable Software & Versions (OSSINDEX):
CVE-2019-3795 (OSSINDEX)
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2019-3795 for details.
CWE-330 Use of Insufficiently Random Values
Vulnerable Software & Versions (OSSINDEX):
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
CWE-190 Integer Overflow or Wraparound
Vulnerable Software & Versions:
Description:
spring-security-web
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/springframework/security/spring-security-web/3.2.4.RELEASE/spring-security-web-3.2.4.RELEASE.jar
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.
CWE-287 Improper Authentication
Vulnerable Software & Versions:
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CWE-863 Incorrect Authorization
Vulnerable Software & Versions:
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
CWE-417 Channel and Path Errors
Vulnerable Software & Versions:
CVE-2018-1199 (OSSINDEX)
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allow secured Spring MVC static resource URLs to be bypassed.
CWE-20 Improper Input Validation
Vulnerable Software & Versions (OSSINDEX):
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
CWE-190 Integer Overflow or Wraparound
Vulnerable Software & Versions:
Description:
Spring Web
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/springframework/spring-web/3.2.4.RELEASE/spring-web-3.2.4.RELEASE.jar
CVE-2016-1000027 (OSSINDEX)
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions (OSSINDEX):
CVE-2014-0225 (OSSINDEX)
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Vulnerable Software & Versions (OSSINDEX):
CVE-2018-1272 (OSSINDEX)
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions (OSSINDEX):
CVE-2013-6429 (OSSINDEX)
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CWE-352 Cross-Site Request Forgery (CSRF)
Vulnerable Software & Versions (OSSINDEX):
CVE-2014-0054 (OSSINDEX)
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CWE-352 Cross-Site Request Forgery (CSRF)
Vulnerable Software & Versions (OSSINDEX):
CVE-2020-5421 (OSSINDEX)
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
CWE-noinfo
Vulnerable Software & Versions (OSSINDEX):
CVE-2018-11039 (OSSINDEX)
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (OSSINDEX):
CVE-2015-3192 (OSSINDEX)
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Vulnerable Software & Versions (OSSINDEX):
Description:
Spring Web MVC
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/springframework/spring-webmvc/3.2.4.RELEASE/spring-webmvc-3.2.4.RELEASE.jar
CVE-2015-5211 (OSSINDEX)
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
CWE-552 Files or Directories Accessible to External Parties
Vulnerable Software & Versions (OSSINDEX):
CVE-2016-9878 (OSSINDEX)
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions (OSSINDEX):
CVE-2018-1271 (OSSINDEX)
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allows applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions (OSSINDEX):
CVE-2014-3625 (OSSINDEX)
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions (OSSINDEX):
CVE-2014-1904 (OSSINDEX)
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions (OSSINDEX):
CVE-2021-22060 (OSSINDEX)
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
CWE-117 Improper Output Neutralization for Logs
Vulnerable Software & Versions (OSSINDEX):
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/sql.js
MD5: e7808496091045a2583c347aa7af0c9c
SHA1: 5154249fb24f304be6f7498ad2ee67260dc1f72e
SHA256:8c5ba60d46557cde8229cc369dfbfdf30a28952f4c5a76babcdc517124ca6566
Referenced In Project/Scope:WebGoat
File Path: /home/josh/.m2/repository/taglibs/standard/1.1.2/standard-1.1.2.jar
MD5: 65351d0487ad57edda9171bb3b46b98c
SHA1: a17e8a4d9a1f7fcc5eed606721c9ed6b7f18acf7
SHA256:2c0048ab3ce75a202f692b159d6aa0a68edce3e4e4c5123a3359a38b29faa6b1
Referenced In Project/Scope:WebGoat:compile
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
NVD-CWE-Other
Vulnerable Software & Versions:
Description:
Tiles Core Library, including basic implementation of the APIs.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/josh/.m2/repository/org/apache/tiles/tiles-core/2.2.2/tiles-core-2.2.2.jar
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/toggle.js
MD5: f3d41a91c9cf5c0738d59c721acd7c2f
SHA1: 04a2f507f282e552e70ba02e022edd5b55937345
SHA256:3e48f7032f0e8f2c0c56e8762fd2a195dc32cdd90dfc5bf949ddf3c433b2e515
Referenced In Project/Scope:WebGoat
Description:
Annotations Package
File Path: /home/josh/.m2/repository/org/apache/tomcat/tomcat-annotations-api/7.0.27/tomcat-annotations-api-7.0.27.jar
MD5: b702578fc1b0fa3cc4bc045fde56a0af
SHA1: 43de2bcd1b031daba05d8aebbaf8cce4bed0d34e
SHA256:5dac4014a20e6f17d4bdfeaca346b5ff356abc0b8e8f383045585b2e9dfc7f4e
Referenced In Project/Scope:WebGoat:provided
Description:
Definition of interfaces shared by Catalina and Jasper
File Path: /home/josh/.m2/repository/org/apache/tomcat/tomcat-api/7.0.27/tomcat-api-7.0.27.jar
MD5: b608785beed29ece882ef782695e3b69
SHA1: a39075408b5725cc8dde84cfd2816099df885711
SHA256:785aaffb22de90cac8af21fc11981d45ed47b2ff6197204b7ba5a6552b63d68e
Referenced In Project/Scope:WebGoat:provided
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
CWE-284 Improper Access Control
Vulnerable Software & Versions:
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP
Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
NVD-CWE-Other
Vulnerable Software & Versions:
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
NVD-CWE-noinfo
Vulnerable Software & Versions:
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
CWE-668 Exposure of Resource to Wrong Sphere
Vulnerable Software & Versions:
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
CWE-352 Cross-Site Request Forgery (CSRF)
Vulnerable Software & Versions:
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
NVD-CWE-Other
Vulnerable Software & Versions:
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
CWE-284 Improper Access Control
Vulnerable Software & Versions:
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CWE-434 Unrestricted Upload of File with Dangerous Type
Vulnerable Software & Versions:
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CWE-434 Unrestricted Upload of File with Dangerous Type
Vulnerable Software & Versions:
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Vulnerable Software & Versions:
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
CWE-399 Resource Management Errors
Vulnerable Software & Versions:
An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
CWE-276 Incorrect Default Permissions
Vulnerable Software & Versions:
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
NVD-CWE-noinfo
Vulnerable Software & Versions:
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
CWE-863 Incorrect Authorization
Vulnerable Software & Versions:
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.
CWE-388
Vulnerable Software & Versions:
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
CWE-200 Information Exposure
Vulnerable Software & Versions:
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
CWE-200 Information Exposure
Vulnerable Software & Versions:
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
CWE-755 Improper Handling of Exceptional Conditions
Vulnerable Software & Versions:
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
CWE-384 Session Fixation
Vulnerable Software & Versions:
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Vulnerable Software & Versions:
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
NVD-CWE-noinfo
Vulnerable Software & Versions:
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
CWE-502 Deserialization of Untrusted Data
Vulnerable Software & Versions:
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vulnerable Software & Versions:
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.
NVD-CWE-noinfo
Vulnerable Software & Versions:
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
CWE-116 Improper Encoding or Escaping of Output
Vulnerable Software & Versions:
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
CWE-19 Data Processing Errors
Vulnerable Software & Versions:
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerable Software & Versions:
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
CWE-203 Information Exposure Through Discrepancy
Vulnerable Software & Versions:
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
NVD-CWE-noinfo
Vulnerable Software & Versions:
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.
CWE-706 Use of Incorrectly-Resolved Name or Reference
Vulnerable Software & Versions:
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions:
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
NVD-CWE-noinfo
Vulnerable Software & Versions:
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
CWE-189 Numeric Errors
Vulnerable Software & Versions:
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
CWE-284 Improper Access Control
Vulnerable Software & Versions:
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Vulnerable Software & Versions:
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-200 Information Exposure
Vulnerable Software & Versions:
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
CWE-189 Numeric Errors
Vulnerable Software & Versions:
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Vulnerable Software & Versions:
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
CWE-200 Information Exposure
Vulnerable Software & Versions:
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Vulnerable Software & Versions:
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
Description:
Tomcat Servlet Engine Core Classes and Standard implementations
File Path: /home/josh/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.27/tomcat-catalina-7.0.27.jar
MD5: e6a1c40d390f6a23e87d9cd82535dd59
SHA1: 5636afa26acab10c72bb4e2ec49532a6937a44eb
SHA256:596da4a1c7acae65e7048921dfa805f3fa9da38a17c42488a43b8f53e2267f2b
Referenced In Project/Scope:WebGoat:provided
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
CWE-284 Improper Access Control
Vulnerable Software & Versions:
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP
Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
NVD-CWE-Other
Vulnerable Software & Versions:
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
NVD-CWE-noinfo
Vulnerable Software & Versions:
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
CWE-668 Exposure of Resource to Wrong Sphere
Vulnerable Software & Versions:
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
CWE-352 Cross-Site Request Forgery (CSRF)
Vulnerable Software & Versions:
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
NVD-CWE-Other
Vulnerable Software & Versions:
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
CWE-284 Improper Access Control
Vulnerable Software & Versions:
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CWE-434 Unrestricted Upload of File with Dangerous Type
Vulnerable Software & Versions:
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CWE-434 Unrestricted Upload of File with Dangerous Type
Vulnerable Software & Versions:
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Vulnerable Software & Versions:
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
CWE-399 Resource Management Errors
Vulnerable Software & Versions:
An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
CWE-276 Incorrect Default Permissions
Vulnerable Software & Versions:
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CWE-264 Permissions, Privileges, and Access Controls
Vulnerable Software & Versions:
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
CWE-20 Improper Input Validation
Vulnerable Software & Versions:
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
NVD-CWE-noinfo
Vulnerable Software & Versions:
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
CWE-863 Incorrect Authorization
Vulnerable Software & Versions:
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.
CWE-388
Vulnerable Software & Versions:
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
CWE-200 Information Exposure
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
CWE-200 Information Exposure
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
CWE-755 Improper Handling of Exceptional Conditions
CVE-2018-1336 (OSSINDEX)
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
CWE-384 Session Fixation
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
CWE-20 Improper Input Validation
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
NVD-CWE-noinfo
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
CWE-502 Deserialization of Untrusted Data
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
NVD-CWE-noinfo
CVE-2013-2067 (OSSINDEX)
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
CWE-287 Improper Authentication
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CWE-94 Improper Control of Generation of Code ('Code Injection')
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.
NVD-CWE-noinfo
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
CWE-116 Improper Encoding or Escaping of Output
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
CWE-19 Data Processing Errors
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
CWE-264 Permissions, Privileges, and Access Controls
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
CWE-203 Information Exposure Through Discrepancy
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
NVD-CWE-noinfo
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
NVD-CWE-noinfo
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.
CWE-706 Use of Incorrectly-Resolved Name or Reference
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CWE-20 Improper Input Validation
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
NVD-CWE-noinfo
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
NVD-CWE-noinfo
CVE-2012-5885 (OSSINDEX)
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
CWE-264 Permissions, Privileges, and Access Controls
CVE-2012-5886 (OSSINDEX)
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
CWE-287 Improper Authentication
CVE-2012-5887 (OSSINDEX)
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
CWE-287 Improper Authentication
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
CWE-189 Numeric Errors
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
CWE-284 Improper Access Control
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CVE-2012-3546 (OSSINDEX)
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
CWE-264 Permissions, Privileges, and Access Controls
CVE-2012-4431 (OSSINDEX)
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-200 Information Exposure
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CWE-264 Permissions, Privileges, and Access Controls
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
CWE-189 Numeric Errors
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
CWE-264 Permissions, Privileges, and Access Controls
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
CWE-200 Information Exposure
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVE-2013-2071 (OSSINDEX)
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
CWE-200 Information Exposure
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
CWE-264 Permissions, Privileges, and Access Controls
Description:
Tomcat Core Logging Package
File Path: /home/josh/.m2/repository/org/apache/tomcat/tomcat-juli/7.0.27/tomcat-juli-7.0.27.jar
MD5: 624c93006fdf73a1401ac52d8f1038c3
SHA1: 20ce78c872139424b73ed24d242a84b5bbee7125
SHA256:257e3ab8ce00dd7d1d8490bf1658798d976ed8df119a8b543660b9702e4a5e00
Referenced In Project/Scope:WebGoat:provided
Description:
javax.servlet package
File Path: /home/josh/.m2/repository/org/apache/tomcat/tomcat-servlet-api/7.0.27/tomcat-servlet-api-7.0.27.jar
MD5: 3deb28f230117828757dad33489a94b3
SHA1: a7159bb6b332fb3b67f8c2c4dfc2a1430892353e
SHA256:105230d2be60b437e2106018e5da8a03bad59de0498075266fd9e1caed39c496
Referenced In Project/Scope:WebGoat:provided
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/toml.js
MD5: 23881bd0269699cae8706f6272500932
SHA1: 3fea0af27b51a2aa51b34f1d8ed38752df519750
SHA256:1d67f35995a3b06f52627f65120dbc1f7ae0943e55ff7c36195dcc2d1a5376b0
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/twig.js
MD5: 89c4e06b2839358d1b7c9aab41d54db6
SHA1: 7dd9c16110befd18c70992b8e2f8eafc1e6672dc
SHA256:96167d09fda11a64fa79a9fdc8778da0a8614947b8bd7e75400638b6919857d5
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/typescript.js
MD5: 8d8c98424d26c90172ef042d464d875f
SHA1: 1ffb9145a7d71f8a0a9bcff3ef4ee7445456859c
SHA256:370f6dfbba4bc251edf4874cfb3f5aaa8bb78223402ea7a5fd29c40ce1fc4aa7
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/angular/ui-bootstrap-tpls-0.11.0.min.js
MD5: c9b7dffb8e14da8e0b2f2c07edf412df
SHA1: bd2d165a6bee09420191def94ff512eff400492f
SHA256:07fd40c55b17fc05c6ff192c31bee051239d12fabf3e63fbd5f24ae10084a2f7
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/vala.js
MD5: d7bd707368fd8847853e8e21909673a8
SHA1: d9bd5bad0f6ba1ff312b2f9d653957e63a11bc56
SHA256:af6043769e62ab5fdbab5fedbc5648ac403e2667e13d42e316e94ba861ad47aa
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/vbscript.js
MD5: b98f6310cb3f0a4e9fdc7a2f49803dee
SHA1: 1385be97b6be95b7f54057837aa54e890ddc07fa
SHA256:dba2bd3839e8b6e5389c527a94f5e09b7b6406260de90d5397b495f8b2a63e73
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/velocity.js
MD5: af96e8cd34e76f0fd3f0d14d13e389b6
SHA1: 6245d63267b3bb347d8b3128159ac20d3ef41a9c
SHA256:45e35e4cc5dd751dfc0bf5f53528f60e0d87d25da7ec5707f4558c37d01a7b4a
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/verilog.js
MD5: 38555d4343c7d5810ffff7e3f678fcc2
SHA1: 857c7323d2d695b73fec5ccfa5e775d06643c39f
SHA256:cf38ce2894529fd7200d68488db3a03c17d8373958143a03337b5c40875629eb
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/vhdl.js
MD5: a5fb086ff399ea976759cdfffb3d1479
SHA1: 01d9a22d35c2886f2a6c62c848da388602dbb390
SHA256:964254893abdf9e73e7d7f7e96f8fa02b62e3cff9cd37be5c657386fb4dc29ab
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/worker-coffee.js
MD5: 3c52ecfc547a70e11695df8e1305ae19
SHA1: 94cbd1e53327d72de7e49093158cd46660b9cf6c
SHA256:83d95cd7e3b1e7c34f062545e2ad887d5e68141542bf1a998ee60a1e7986214b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/worker-css.js
MD5: 5fdb4466d08717acd94a8b6cee2069da
SHA1: 0fa73b64c34fa780968e3620401e2377863a81df
SHA256:daac26159f9b6644b8cb928329146c0f2c456d526bd14ff7a0c3e789615eb76b
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/worker-html.js
MD5: f49819af826d7bb9ab201107a69e3417
SHA1: a6814ea6889478e957e9fea09942b38cf6617f9b
SHA256:95b4719e5f0b3f873999457af6cb035638d0afb8c92da17651822a947d4c252f
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/worker-javascript.js
MD5: 91f1e31809577c559de97b754615c28b
SHA1: 4fafeed656e8cac62025caf7a1ad76e5f417a3bf
SHA256:316b641674a50a324aee38cf951e2b376e87e5a7e15f8dc90d467de1097148c1
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/worker-json.js
MD5: e7f382456f7db6409c52ef9f6f34e9ce
SHA1: 79c05f5b0ca5fe4ba71313284851acf34765ddf6
SHA256:a38cbd960ab83518aa59c26fc83ec15d34999684b7b3e217fba2fc8bae8a78f8
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/worker-lua.js
MD5: 60cdef6f325ad8c2887d0049fb6f00e2
SHA1: 380863d67af54545f4d3ee03046396008b88ea95
SHA256:5c5f705a75306ed1bdef22402614b19767b370622f57b7aff2e49458dcdd1751
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/worker-php.js
MD5: 48b6c962e2b5249f1d8453e0cc72252f
SHA1: 19c1b0f1a6e4a97af4899165288e42006c21545b
SHA256:de249b949a587d801e94b2cc69f00c3a330e48730c2990ebedb504973c6f5199
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/worker-xquery.js
MD5: e1fb5f80100d7d6541c9fca56c751472
SHA1: 7fcc1ec6203580f39583dd37edcc25e7c276bb01
SHA256:99c8ed3330325e8cb9e69f93e565961e233e00dd882515b20569ac7d4e8d4ac5
Referenced In Project/Scope:WebGoat
Description:
Java stub generator for WSDL
File Path: /home/josh/.m2/repository/wsdl4j/wsdl4j/1.5.1/wsdl4j-1.5.1.jar
MD5: e76bf26b6955a7fa73d85d096be6e1a6
SHA1: bd804633b9c2cf06258641febc31a8ff3b0906bc
SHA256:7729134d666f27a18ac3c674c16014624376445ec8686bfa60ac648f48b1ece8
Referenced In Project/Scope:WebGoat:compile
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js
MD5: 67170288d452d4f16942813e6e193df1
SHA1: 599fcc6acd0fbaccd03403d62055ee2477da3678
SHA256:69c40b32dfd4a4bb921245031a238ece4849e0d411212cae9fe70b6fd09563e5
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/xml.js
MD5: 7a8b1cc45a44d495721bce4e38617206
SHA1: e17f72aec6bb8f298a3da0e69b40f6935d2b8363
SHA256:3e09aa5f6be498f90e86043bfdc54d244a46375a2173f9783cb9d68e1a646a42
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/xquery.js
MD5: 25de11e0cd7f84af2d226df431ec3586
SHA1: a94764ffd057782ca876de246dfd5a9377f7bd23
SHA256:32e95c45d8e6418291b8197d5e5272c15450571ede2d1cf3361307097214b6f3
Referenced In Project/Scope:WebGoat
File Path: /mnt/c/Users/josh/Documents/VMShares/WSL/Work/WebGoat-Legacy/src/main/webapp/js/ace/snippets/yaml.js
MD5: 109add5f1a36872e44e9130e6ca75b6b
SHA1: 4057738f678896ca4e3cf5b0cb129757009f8521
SHA256:f84c2c06045f51490ec0c669eeda6059d63d9f53f3a1a25c4b6b6cf536f85568
Referenced In Project/Scope:WebGoat